Chao Wu,Yike Guo

DOI: https://doi.org/10.1109/bigdata.2013.6691688

2013-01-01

Abstract:Personal data collection is becoming pervasive these days, these data has the risk of being abused by current application and application marketplace model, because only the price of application is explicitly indicated without clear agreement on usage of data, and the granularity of data access authentication is not enough to protect users privacy. In this short paper, we propose a new model of user data privacy. Data usage of the application is explicitly shown, and controlled by an authentication service, to protect users from the abuse of their data, especially in mobile application.

A K M Nuhil Mehdy,Hoda Mehrpouyan

DOI: https://doi.org/10.1145/3465481.3470102

2021-06-18

Abstract:In order to create user-centric and personalized privacy management tools, the underlying models must account for individual users' privacy expectations, preferences, and their ability to control their information sharing activities. Existing studies of users' privacy behavior modeling attempt to frame the problem from a request's perspective, which lack the crucial involvement of the information owner, resulting in limited or no control of policy management. Moreover, very few of them take into the consideration the aspect of correctness, explainability, usability, and acceptance of the methodologies for each user of the system. In this paper, we present a methodology to formally model, validate, and verify personalized privacy disclosure behavior based on the analysis of the user's situational decision-making process. We use a model checking tool named UPPAAL to represent users' self-reported privacy disclosure behavior by an extended form of finite state automata (FSA), and perform reachability analysis for the verification of privacy properties through computation tree logic (CTL) formulas. We also describe the practical use cases of the methodology depicting the potential of formal technique towards the design and development of user-centric behavioral modeling. This paper, through extensive amounts of experimental outcomes, contributes several insights to the area of formal methods and user-tailored privacy behavior modeling.

Cryptography and Security

Hanieh Atashpanjeh,Rizu Paudel,Mahdi Nasrullah Al-Ameen

DOI: https://doi.org/10.1080/10447318.2024.2392064

IF: 4.92

2024-10-03

International Journal of Human-Computer Interaction

Abstract:Users' mental models influence secure and privacy-preserving behavior in a computing environment. Prior studies on users' mental models of Internet, security tools, and digital privacy show that there is no one-size-fits-all solution when it comes to security and privacy design. However, little study to date has explored the ways to translate users' mental models into interactive security and privacy designs. As we begin to address this gap, we focus on privacy policy in this paper. The typical text-based privacy policy suffers from poor readability and usability. A recent study proposed a Visual Interactive Privacy Policy (VIPP), showing promise to offer a better user experience as compared to prior designs – we used VIPP as a control condition and compared that with our mental model (MM)-based designs, inspired by users' privacy mental models explored in the existing literature. We iteratively improved our MM-based designs through a series of user studies in the lab setting. We evaluated our updated designs in an online study with 182 participants over Amazon Mechanical Turk. The participants rated MM-based designs significantly better than the control in most of our evaluation parameters. Furthermore, we found that when a design is centered around the mental model of participants, study participants rated it higher in terms of personal connection to the design, perspicuity, attractiveness, being stimulated towards privacy protection, as well as the propensity for real-life adoption. Based on our findings, we discussed the successes and challenges of MM-based designs and provided guidelines on the scope of leveraging mental models in the broader area of privacy and security designs.

computer science, cybernetics,ergonomics

QIAN Ji-an,JIANG Xing-hao,SUN Tan-feng

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.02.029

2011-01-01

Abstract:With more and more information collected via networks,customers' requirements for privacy protection could be satisfied by making privacy policies by themselves.Privacy ontology reflects the common knowledge of privacy and customers' basic needs for privacy protection.Privacy ontology-based personalized access control(PO-PAC)model adopts common policies in combination with personalized policies based on privacy ontology.Users' personalized requirements with different granularity are realized by multi-level chain activation mode.

Ayesha Qamar,Tehreem Javed,Mirza Omer Beg

DOI: https://doi.org/10.48550/arXiv.2102.12362

2021-02-21

Abstract:Privacy Policies are the legal documents that describe the practices that an organization or company has adopted in the handling of the personal data of its users. But as policies are a legal document, they are often written in extensive legal jargon that is difficult to understand. Though work has been done on privacy policies but none that caters to the problem of verifying if a given privacy policy adheres to the data protection laws of a given country or state. We aim to bridge that gap by providing a framework that analyzes privacy policies in light of various data protection laws, such as the General Data Protection Regulation (GDPR). To achieve that, firstly we labeled both the privacy policies and laws. Then a correlation scheme is developed to map the contents of a privacy policy to the appropriate segments of law that a policy must conform to. Then we check the compliance of privacy policy's text with the corresponding text of the law using NLP techniques. By using such a tool, users would be better equipped to understand how their personal data is managed. For now, we have provided a mapping for the GDPR and PDPA, but other laws can easily be incorporated in the already built pipeline.

Cryptography and Security,Computation and Language

Christopher G. Bradley

DOI: https://doi.org/10.2139/ssrn.4408244

2023-01-01

SSRN Electronic Journal

Abstract:Despite being subjected to decades of sharp criticism, privacy policies published by companies remain a linchpin of privacy regulation. Representations in these policies provide the main measure against which consumer privacy can be judged. Policies are rarely read by consumers and are most often interpreted by decision makers within companies who have to determine if a proposed course of action is consistent with stated policies as well as underlying privacy law. The degree to which policies provide constraint will rely on whether the policies are sufficiently clear that even a company-friendly reading requires a consumer-data-protective course of action.Experimental evidence on the interpretation of privacy policies provides no grounds for encouragement about such constraint, because it suggests that policies are often so ambiguous that neither laypeople nor experts can consistently interpret them. This Article supports those experimental findings with real-world evidence. It draws on a data set of court filings of experts appointed to consider the legality of transfers of consumers’ private data. The study finds that even independent, court appointed experts rely on interpretive practices that are unreliable and inconsistent. It reveals divergences concerning what even relatively common, standard privacy policy provisions actually mean, in relatively common situations, such as the attempt to sell data as part of a reorganization or liquidation. This suggests that privacy regulation should not rely too heavily on the language of privacy policies unless greater consensus can be reached. The Article then proposes to put the interpretation of privacy policies on more sound footing. It explores two primary approaches. Privacy policies could be subjected to more certain meaning through a turn to standardization, where policies are communicated by reference to interpretive principles laid out by regulation or by understanding grounded in empirical research on the meaning of the various terms. Alternatively, privacy policies could be subjected to a set of interpretive principles that would provide a more certain basis for interpretation and also encourage drafters of policies to state themselves more clearly.

Victor Morel,Raúl Pardo

DOI: https://doi.org/10.48550/arXiv.1908.06814

2020-09-11

Abstract:Privacy policies are the main way to obtain information related to personal data collection and processing. Originally, privacy policies were presented as textual documents. However, the unsuitability of this format for the needs of today's society gave birth to other means of expression. In this paper, we systematically study the different means of expression of privacy policies. In doing so, we have explored the three main categories, which we call facets, ie, natural language, graphical and machine-readable privacy policies. Each of these facets focuses on the particular needs of the communities they come from, ie, law experts, organizations and privacy advocates, and academics, respectively. We then analyze the benefits and limitations of each facet, and explain why solutions based on a single facet do not cover the needs of other communities. Finally, we set guidelines and discuss challenges of an approach to expressing privacy policies which brings together the benefits of each facet as an attempt to overcome their limitations.

Computers and Society,Human-Computer Interaction

Shidong Pan,Zhen Tao,Thong Hoang,Dawen Zhang,Zhenchang Xing,Xiwei Xu,Mark Staples,David Lo

2023-07-09

Abstract:Privacy policies have become the most critical approach to safeguarding individuals' privacy and digital security. To enhance their presentation and readability, researchers propose the concept of contextual privacy policies (CPPs), aiming to fragment policies into shorter snippets and display them only in corresponding contexts. In this paper, we propose a novel multi-modal framework, namely SeePrivacy, designed to automatically generate contextual privacy policies for mobile apps. Our method synergistically combines mobile GUI understanding and privacy policy document analysis, yielding an impressive overall 83.6% coverage rate for privacy-related context detection and an accuracy of 0.92 in extracting corresponding policy segments. Remarkably, 96% of the retrieved policy segments can be correctly matched with their contexts. The user study shows SeePrivacy demonstrates excellent functionality and usability (4.5/5). Specifically, participants exhibit a greater willingness to read CPPs (4.1/5) compared to original privacy policies (2/5). Our solution effectively assists users in comprehending privacy notices, and this research establishes a solid foundation for further advancements and exploration.

Cryptography and Security,Software Engineering

Jianning Geng,Lin Liu,Barrett R. Bryant

DOI: https://doi.org/10.1145/1809100.1809109

2010-01-01

Abstract:Privacy policies which are stated by the service provider are intended to convey to the users the information how their personal data will be protected. Thus, letting the user understand the privacy policy and trust the service provider is a crucial task. This paper proposes a personalized privacy management framework with which users can participate in the privacy management. Existing privacy policies are analyzed and improved. Within this framework, the privacy policy can not only be regulated, but also can be easily understood by users at a glance.

Yingjie Wang,Zhihong Zhou,Jianhua Li

DOI: https://doi.org/10.1007/978-3-642-54924-3_106

2014-01-01

Abstract:Now, organizations are required to comply with existing privacy protection regulations on data collection, use, and disclosure. Privacy preservation in a data-sharing computing environment is becoming a challenging problem. The core part of privacy protection is purposes for and circumstances under which the data can be accessed. It must be ensured that data can only be used for its intended purposes, so the access purpose should be compliant with the intended purposes. In this paper, the role-based access control (RBAC) model is extended to incorporate the notion of purpose. Relationships between purposes are defined. It is investigated that how different components in the RBAC model are related to purpose and how the purpose information can be used to determine whether a subject has access to a given object. The model can suit for applications consisting of static and dynamic objects, where both access purpose and intended purpose are needed for consideration before granting access.

Michael Carl Tschantz,Anupam Datta,Jeannette M. Wing

DOI: https://doi.org/10.48550/arXiv.1102.4326

2011-02-22

Abstract:Privacy policies often place requirements on the purposes for which a governed entity may use personal information. For example, regulations, such as HIPAA, require that hospital employees use medical information for only certain purposes, such as treatment. Thus, using formal or automated methods for enforcing privacy policies requires a semantics of purpose requirements to determine whether an action is for a purpose or not. We provide such a semantics using a formalism based on planning. We model planning using a modified version of Markov Decision Processes, which exclude redundant actions for a formal definition of redundant. We use the model to formalize when a sequence of actions is only for or not for a purpose. This semantics enables us to provide an algorithm for automating auditing, and to describe formally and compare rigorously previous enforcement methods.

Cryptography and Security

Christopher A. Wood,Jana Iyengar,Alex Davidson

DOI: https://doi.org/10.17487/rfc9576

2024-06-01

Abstract:This document specifies the Privacy Pass architecture and requirements for its constituent protocols used for authorization based on privacy-preserving authentication mechanisms. It describes the conceptual model of Privacy Pass and its protocols, its security and privacy goals, practical deployment models, and recommendations for each deployment model, to help ensure that the desired security and privacy goals are fulfilled

Computer Science,Engineering

V. S. Prakash Attili,Saji K. Mathew,Vijayan Sugumaran

DOI: https://doi.org/10.1007/s10796-021-10158-0

2021-06-22

Information Systems Frontiers

Abstract:Information privacy concerns have been rising over a few decades. As per the recent General Data Protection Regulation, organizations need to implement the highest-possible privacy settings by design and default. Following the neo-institutional theory, this study develops a model for understanding the mechanism of information privacy assimilation in Information Technology (IT) organizations. This study treats information privacy as a distinct dimension separate from security. After analyzing a sample survey data of 214 respondents from the IT industry, privacy capability and organizational culture emerged as influencing factors with a statistically significant influence on information privacy assimilation. The findings from this study support the mediating role of senior management participation between the external coercive forces and privacy-related business strategy. Business strategy also plays a mediating role between coercive/normative forces and privacy-related activities within an organization. Here the mimetic forces show a direct influence on privacy-related activities. A positive moderating effect of organizational culture on normative forces and privacy-related activities relationship; and a negative moderating effect of privacy capability on mimetic forces and privacy-related activities relationship are observed. These findings could enable senior managers to respond to institutional pressures by focusing on appropriate factors within an organization for developing effective privacy strategies and actions. This work is an extension of the pilot work that was published in Communications of the Association for Information Systems (CAIS), 2018. The prior work focuses on developing the propositions qualitatively. Building on that, we have formally defined the hypotheses, developed the appropriate survey instrument and collected the primary data which is large enough to do adequate analysis. Adopted a quantitative approach using an extensive sample survey of IT organizations, followed a more rigorous process for data collection, analysis, and discussion of the results. In addition, based on the lessons learned from the pilot study, we have updated the research model and hypotheses with a focus on privacy-related business strategy and activities.

computer science, information systems, theory & methods

Leon Garza,Lavanya Elluri,Anantaa Kotal,Aritran Piplai,Deepti Gupta,Anupam Joshi

2024-05-01

Abstract:Data protection and privacy is becoming increasingly crucial in the digital era. Numerous companies depend on third-party vendors and service providers to carry out critical functions within their operations, encompassing tasks such as data handling and storage. However, this reliance introduces potential vulnerabilities, as these vendors' security measures and practices may not always align with the standards expected by regulatory bodies. Businesses are required, often under the penalty of law, to ensure compliance with the evolving regulatory rules. Interpreting and implementing these regulations pose challenges due to their complexity. Regulatory documents are extensive, demanding significant effort for interpretation, while vendor-drafted privacy policies often lack the detail required for full legal compliance, leading to ambiguity. To ensure a concise interpretation of the regulatory requirements and compliance of organizational privacy policy with said regulations, we propose a Large Language Model (LLM) and Semantic Web based approach for privacy compliance. In this paper, we develop the novel Privacy Policy Compliance Verification Knowledge Graph, PrivComp-KG. It is designed to efficiently store and retrieve comprehensive information concerning privacy policies, regulatory frameworks, and domain-specific knowledge pertaining to the legal landscape of privacy. Using Retrieval Augmented Generation, we identify the relevant sections in a privacy policy with corresponding regulatory rules. This information about individual privacy policies is populated into the PrivComp-KG. Combining this with the domain context and rules, the PrivComp-KG can be queried to check for compliance with privacy policies by each vendor against relevant policy regulations. We demonstrate the relevance of the PrivComp-KG, by verifying compliance of privacy policy documents for various organizations.

Cryptography and Security,Artificial Intelligence

Suvineetha Herath,Dakota State University,Haywood Gelman,Lisa McKee,

DOI: https://doi.org/10.32727/8.2023.18

2023-10-12

Abstract:In today's data-sharing paradigm, personal data has become a valuable resource that intensifies the risk of unauthorized access and data breach. Increased data mining techniques used to analyze big data have posed significant risks to data security and privacy. Consequently, data breaches are a significant threat to individual privacy. Privacy is a multifaceted concept covering many areas, including the right to access, erasure, and rectify personal data. This paper explores the legal aspects of privacy harm and how they transform into legal action. Privacy harm is the negative impact to an individual as a result of the unauthorized release, gathering, distillation, or expropriation of personal information. Privacy Enhancing Technologies (PETs) emerged as a solution to address data privacy issues and minimize the risk of privacy harm. It is essential to implement privacy enhancement mechanisms to protect Personally Identifiable Information (PII) from unlawful use or access. FIPPs (Fair Information Practice Principles), based on the 1973 Code of Fair Information Practice (CFIP), and the Organization for Economic Cooperation and Development (OECD), are a collection of widely accepted, influential US codes that agencies use when evaluating information systems, processes, programs, and activities affecting individual privacy. Regulatory compliance places a responsibility on organizations to follow best practices to ensure the protection of individual data privacy rights. This paper will focus on FIPPs, relevance to US state privacy laws, their influence on OECD, and reference to the EU General Data Processing Regulation. (GDPR).

Aymen Akremi,Mohsen Rouached

DOI: https://doi.org/10.1007/s11227-020-03594-3

IF: 3.3

2021-01-12

The Journal of Supercomputing

Abstract:Although Cloud computing is gaining popularity by supporting data analysis in an outsourced and cost-effective way, it brings serious privacy issues when sending the original data to Cloud servers. Sensitive data have a significant value, and any infringement of privacy can cause great loss in terms of money and reputation. Thus, for any Cloud ecosystem to be accepted and easily adopted by different stakeholders, privacy concerns are of utmost importance. Users' discomfort is mainly due to the lack of control over their personal's data outsourced and processed on the Cloud environment. However, the lack of Cloud data governance and the absence of up-to-date dedicated technologies represent serious barriers to satisfy different Cloud stakeholders' privacy needs. Consequently, any proposed Cloud platform or technology must consider required technical measures and managerial safeguards to handle sensitive data, to avoid breakdowns, and be intensely investigated by current and future research trends. Several researchers have conducted surveys to understand and target privacy issues in the Cloud. However, their research consists mostly of descriptive literature reviews. In this paper, we propose a holistic and comprehensive taxonomy for Cloud privacy. This study is supported by the results of a systematic literature review, which provides a methodical, structured, and rigorous approach facilitating the understanding of privacy-preserving Cloud strategies and techniques. The study's objective is to offer a credible intellectual guide for upcoming researchers in Cloud privacy and identify active privacy research areas to make the most impact.

刘逸敏,王智慧,周皓峰,汪卫

DOI: https://doi.org/10.3778/j.issn.1673-9418.2010.03.004

2010-01-01

Abstract:With the release of the privacy data access guidelines by industries,such as HIPAA and OECD guidelines,the access control of privacy data has recently become a hot research topic in the area of privacy data management.The role-based access control mechanism and view-based access control mechanism in a relational database only support the controls for users'access permissions,but they don't solve the problems of privacyaware access control.The key elements for describing privacy data are the hierarchical structure of data purpose.Several purpose-based access control models presented currently have two shortcomings:The redundancy of privacy policies and the query results not maximized.This paper proposes a novel purpose-based relational database access control model R-PAACEE(privacy-aware access control enforcement engine),which can reduce the redundancy of privacy policies by constructing the concept hierarchy of privacy policies and describing them with ordered tuples.The paper also presents a query-rewritten algorithm for separating the private and non-private attributes,which can maximize the query results.The experimental results show that for a query related to privacy data,a database management system with R-PAACEE can achieve good query performance.

Mary Anne Smart,Priyanka Nanayakkara,Rachel Cummings,Gabriel Kaptchuk,Elissa Redmiles

2024-08-19

Abstract:Differential privacy is a popular privacy-enhancing technology that has been deployed both in industry and government agencies. Unfortunately, existing explanations of differential privacy fail to set accurate privacy expectations for data subjects, which depend on the choice of deployment model. We design and evaluate new explanations of differential privacy for the local and central models, drawing inspiration from prior work explaining other privacy-enhancing technologies. We find that consequences-focused explanations in the style of privacy nutrition labels that lay out the implications of differential privacy are a promising approach for setting accurate privacy expectations. Further, we find that while process-focused explanations are not enough to set accurate privacy expectations, combining consequences-focused explanations with a brief description of how differential privacy works leads to greater trust.

Cryptography and Security,Human-Computer Interaction

Awanthika Rasanjalee Senarath,Nalin Asanka Gamagedara Arachchilage

DOI: https://doi.org/10.48550/arXiv.1710.03890

2017-10-11

Abstract:End user privacy is a critical concern for all organizations that collect, process and store user data as a part of their business. Privacy concerned users, regulatory bodies and privacy experts continuously demand organizations provide users with privacy protection. Current research lacks an understanding of organizational characteristics that affect an organization's motivation towards user privacy. This has resulted in a "one solution fits all" approach, which is incapable of providing sustainable solutions for organizational issues related to user privacy. In this work, we have empirically investigated 40 diverse organizations on their motivations and approaches towards user privacy. Resources such as newspaper articles, privacy policies and internal privacy reports that display information about organizational motivations and approaches towards user privacy were used in the study. We could observe organizations to have two primary motivations to provide end users with privacy as voluntary driven inherent motivation, and risk driven compliance motivation. Building up on these findings we developed a taxonomy of organizational privacy approaches and further explored the taxonomy through limited exclusive interviews. With his work, we encourage authorities and scholars to understand organizational characteristics that define an organization's approach towards privacy, in order to effectively communicate regulations that enforce and encourage organizations to consider privacy within their business practices.

Cryptography and Security,Computers and Society

Lun Wang,Joseph P. Near,Neel Somani,Peng Gao,Andrew Low,David Dao,Dawn Song

DOI: https://doi.org/10.48550/arXiv.1909.00077

2019-08-31

Abstract:The increasing pace of data collection has led to increasing awareness of privacy risks, resulting in new data privacy regulations like General data Protection Regulation (GDPR). Such regulations are an important step, but automatic compliance checking is challenging. In this work, we present a new paradigm, Data Capsule, for automatic compliance checking of data privacy regulations in heterogeneous data processing infrastructures. Our key insight is to pair up a data subject's data with a policy governing how the data is processed. Specified in our formal policy language: PrivPolicy, the policy is created and provided by the data subject alongside the data, and is associated with the data throughout the life-cycle of data processing (e.g., data transformation by data processing systems, data aggregation of multiple data subjects' data). We introduce a solution for static enforcement of privacy policies based on the concept of residual policies, and present a novel algorithm based on abstract interpretation for deriving residual policies in PrivPolicy. Our solution ensures compliance automatically, and is designed for deployment alongside existing infrastructure. We also design and develop PrivGuard, a reference data capsule manager that implements all the functionalities of Data Capsule paradigm.

Computers and Society